package io.jenkins.cli.shaded.org.apache.sshd.client.config.keys;

import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.FilePasswordProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.FilePasswordProviderHolder;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.SessionContext;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.IoUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.ModifiableFileWatcher;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.resource.PathResource;
import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.AbstractMap;
import java.util.Iterator;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: input_file:WEB-INF/lib/cli-2.381-rc33187.a_c11743cc7c1.jar:io/jenkins/cli/shaded/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.class */
public class ClientIdentityFileWatcher extends ModifiableFileWatcher implements ClientIdentityProvider, ClientIdentityLoaderHolder, FilePasswordProviderHolder {
    private final AtomicReference<Iterable<KeyPair>> identitiesHolder;
    private final ClientIdentityLoaderHolder loaderHolder;
    private final FilePasswordProviderHolder providerHolder;
    private final boolean strict;

    public ClientIdentityFileWatcher(Path path, ClientIdentityLoader clientIdentityLoader, FilePasswordProvider filePasswordProvider) {
        this(path, clientIdentityLoader, filePasswordProvider, true);
    }

    public ClientIdentityFileWatcher(Path path, ClientIdentityLoader clientIdentityLoader, FilePasswordProvider filePasswordProvider, boolean z) {
        this(path, ClientIdentityLoaderHolder.loaderHolderOf((ClientIdentityLoader) Objects.requireNonNull(clientIdentityLoader, "No client identity loader")), FilePasswordProviderHolder.providerHolderOf((FilePasswordProvider) Objects.requireNonNull(filePasswordProvider, "No password provider")), z);
    }

    public ClientIdentityFileWatcher(Path path, ClientIdentityLoaderHolder clientIdentityLoaderHolder, FilePasswordProviderHolder filePasswordProviderHolder) {
        this(path, clientIdentityLoaderHolder, filePasswordProviderHolder, true);
    }

    public ClientIdentityFileWatcher(Path path, ClientIdentityLoaderHolder clientIdentityLoaderHolder, FilePasswordProviderHolder filePasswordProviderHolder, boolean z) {
        super(path);
        this.identitiesHolder = new AtomicReference<>(null);
        this.loaderHolder = (ClientIdentityLoaderHolder) Objects.requireNonNull(clientIdentityLoaderHolder, "No client identity loader");
        this.providerHolder = (FilePasswordProviderHolder) Objects.requireNonNull(filePasswordProviderHolder, "No password provider");
        this.strict = z;
    }

    public boolean isStrict() {
        return this.strict;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.client.config.keys.ClientIdentityLoaderHolder
    public ClientIdentityLoader getClientIdentityLoader() {
        return this.loaderHolder.getClientIdentityLoader();
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.FilePasswordProviderHolder
    public FilePasswordProvider getFilePasswordProvider() {
        return this.providerHolder.getFilePasswordProvider();
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.client.config.keys.ClientIdentityProvider
    public Iterable<KeyPair> getClientIdentities(SessionContext sessionContext) throws IOException, GeneralSecurityException {
        if (!checkReloadRequired()) {
            return this.identitiesHolder.get();
        }
        this.identitiesHolder.set(null);
        Path path = getPath();
        if (!exists()) {
            return this.identitiesHolder.get();
        }
        Iterable<KeyPair> reloadClientIdentities = reloadClientIdentities(sessionContext, path);
        updateReloadAttributes();
        this.identitiesHolder.set(reloadClientIdentities);
        return reloadClientIdentities;
    }

    protected Iterable<KeyPair> reloadClientIdentities(SessionContext sessionContext, Path path) throws IOException, GeneralSecurityException {
        AbstractMap.SimpleImmutableEntry<String, Object> validateStrictKeyFilePermissions;
        if (isStrict() && (validateStrictKeyFilePermissions = KeyUtils.validateStrictKeyFilePermissions(path, IoUtils.EMPTY_LINK_OPTIONS)) != null) {
            if (!this.log.isDebugEnabled()) {
                return null;
            }
            this.log.debug("reloadClientIdentity({}) ignore due to {}", path, validateStrictKeyFilePermissions.getKey());
            return null;
        }
        PathResource pathResource = new PathResource(path);
        ClientIdentityLoader clientIdentityLoader = (ClientIdentityLoader) Objects.requireNonNull(getClientIdentityLoader(), "No client identity loader");
        if (!clientIdentityLoader.isValidLocation(pathResource)) {
            if (!this.log.isDebugEnabled()) {
                return null;
            }
            this.log.debug("reloadClientIdentity({}) invalid location", pathResource);
            return null;
        }
        Iterable<KeyPair> loadClientIdentities = clientIdentityLoader.loadClientIdentities(sessionContext, pathResource, getFilePasswordProvider());
        if (this.log.isTraceEnabled()) {
            if (loadClientIdentities == null) {
                this.log.trace("reloadClientIdentity({}) no keys loaded", pathResource);
            } else {
                Iterator<KeyPair> it = loadClientIdentities.iterator();
                while (it.hasNext()) {
                    KeyPair next = it.next();
                    PublicKey publicKey = next == null ? null : next.getPublic();
                    if (publicKey != null) {
                        this.log.trace("reloadClientIdentity({}) loaded {}-{}", pathResource, KeyUtils.getKeyType(publicKey), KeyUtils.getFingerPrint(publicKey));
                    }
                }
            }
        }
        return loadClientIdentities;
    }
}
